Setting Up SSL

SSL (Secure Sockets Layer) is a security protocol that encrypts the server-client data channel. In Sisense, SSL secures the link between the Sisense server and the clients’ browsers (where dashboards are created and viewed). With SSL in place, you can access Sisense via an HTTPS secure connection, which is password protected. This is recommended when you want users to be able to access dashboards from outside the organization.

Keep in mind, configuring SSL on your Sisense server and in your IT environment should be performed by an IT Specialist or Web Administrator.

Note: If you are using a reverse proxy or load balancer, you should ensure that the communication between the proxy and Sisense is HTTPS.

The procedure below describes how to set up SSL in Sisense from Sisense V7.2 and later. If you are upgrading from an earlier version to Sisense V7.2 or later, see Configuring SSL after Upgrading at the end of this topic.

To configure your Sisense SSL settings:

  1. In your browser, open the Configuration Manager located at http://localhost:3030.
  2. Toggle the Enable SSL switch to Enabled.
  3. Upload or enter your SSL certificate. Sisense supports two types of certificates, PFX and CERT files. Typically, these files are provided by a third party provider.
    When using SSL, the certificate must include the root certificate and any intermediate certificates.
    PFX: PFX files contain the public key file (SSL certificate file) and the associated private key file in a single file. If you select PFX, drag the PFX file into the browser or click Browse and navigate to the file. In PFX Password, enter the password you received after your PFX was generated.
    CERT-Key: A .cert file is the public key, which is used to verify client authentication requests. It is what is received by an HTTP client from a server in the SSL handshake. If you select CERT-KEY, two boxes are displayed CERT File and Key File. In CERT File, drag the .cert file into the browser or click Browse and navigate to the file. In Key File, drag the key file into the browser or click Browse and navigate to the file. The .key file is the private key to the certificate.
    Alternatively, if the files are not provided, and you have received a coded certificate and key, you can enter these values in the SSL Certificate and SSL Key fields.
  4. In Port, enter the port to be used when accessing Sisense. By default, this is 8081, however, if you are implementing SSL, typically the port is set to 443.
  5. In Internal IP, enter your system DNS name, for example, test.sisense.com.

  6. After you have finished defining these settings, in the Configuration Manager, click Save.

Self-Signed Certificates

If you are using a self-signed certificate, you may experience problems connecting to data sources. This is caused by the self-signed certificate being rejected. To fix this, you need to give the NODE_EXTRA_CA_CERTS environment variable a file path to a file containing your certificate.

To prevent self-signed certificates from being automatically rejected:

  1. On your Sisense server, right-click on This PC (Or My Computer in older versions of Windows) and select Properties.
  2. On the left side, click Advanced system settings.
  3. In System Properties, click Environment Variables.
  4. In Environment Variables, under the System variables area, click New.
  5. In the New System Variable dialog box, in Variable name, enter NODE_EXTRA_CA_CERTS.
  6. In Variable value, enter the address of your .ca file.
    OR
    Select Browse file and navigate to the .ca file.
  7. Click OK.
  8. Restart your computer. This should resolve connection problems caused by sign certificates.

Configuring SSL After Upgrading

Earlier versions of Sisense used IIS, which meant that part of your SSL configuration was stored in the IIS Manager. As NodeJS is now used as the application server, your Sisense SSL bindings must be removed when you are upgrading to Sisense V7.2 and later from an earlier version for SSL to continue to work.

To configure SSL after upgrading: 

  1. On the Sisense Server, open the IIS Manager.
  2. Remove from the IIS Manager the bindings to port 443.
  3. Reset IIS.
  4. In your browser, open the System Configuration at http://localhost:3030/.
  5. Verify that Enable SSL is enabled.
  6. Upload or enter your SSL certificate. Sisense supports two types of certificates, PFX and CERT files. Typically, these files are provided by a third party provider.
    When using SSL, the certificate must include the root certificate and any intermediate certificates.
    PFX: PFX files contain the public key file (SSL certificate file) and the associated private key file in a single file. If you select PFX, drag the PFX file into the browser or click Browse and navigate to the file. In PFX Password, enter the password you received after your PFX was generated.
    CERT-Key: A .cert file is the public key, which is used to verify client authentication requests. It is what is received by an HTTP client from a server in the SSL handshake. If you select CERT-KEY, two boxes are displayed CERT File and Key File. In CERT File, drag the .cert file into the browser or click Browse and navigate to the file. In Key File, drag the key file into the browser or click Browse and navigate to the file. The .key file is the private key to the certificate.
    Alternatively, if the files are not provided, and you have received a coded certificate and key, you can enter these values in the SSL Certificate and SSL Key fields.
  7. In Port, enter the port to be used when accessing Sisense. By default, this is 8081, however, if you are implementing SSL, typically the port is set to 443.
  8. In Internal IP, enter the system URL (for example, test.sisense.com).
  9. Click Save.
  10. Click Yes to restart the Sisense services.